CVE-2019-5642 - OpenCVE

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rapid7	Metasploit

Configuration 1 [-]

OR	cpe:2.3:a:rapid7:metasploit:::::pro:::*
	cpe:2.3:a:rapid7:metasploit:4.16.0:-:::pro:::*
	cpe:2.3:a:rapid7:metasploit:4.16.0:20190722:::pro:::*
	cpe:2.3:a:rapid7:metasploit:4.16.0:20190805:::pro:::*
	cpe:2.3:a:rapid7:metasploit:4.16.0:2019081901:::pro:::*

No data.

References

Link	Providers
https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001

History

No history.

MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2019-11-06T18:30:42.787547Z

Updated: 2024-09-17T04:24:03.024Z

Reserved: 2019-01-07T00:00:00

Link: CVE-2019-5642

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-06T19:15:12.360

Modified: 2019-11-13T14:28:18.777

Link: CVE-2019-5642

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Metasploit Pro", "vendor": "Rapid7", "versions": [{"lessThanOrEqual": "4.16.0-2019081901", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was discovered and reported to Rapid7 by Rodney Beele. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."}], "datePublic": "2019-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-11-06T18:30:42", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"}], "solutions": [{"lang": "en", "value": "This issue is resolved in Metasploit Pro version 4.16.0-2019091001"}], "source": {"advisory": "R7-2019-35", "defect": ["MS-4514"], "discovery": "USER"}, "title": "MAGICK", "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2019-09-12T20:00:00.000Z", "ID": "CVE-2019-5642", "STATE": "PUBLIC", "TITLE": "MAGICK"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Metasploit Pro", "version": {"version_data": [{"version_affected": "<=", "version_value": "4.16.0-2019081901"}]}}]}, "vendor_name": "Rapid7"}]}}, "credit": [{"lang": "eng", "value": "This issue was discovered and reported to Rapid7 by Rodney Beele. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface."}]}, "generator": {"engine": "Vulnogram 0.0.8"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}]}, "references": {"reference_data": [{"name": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001", "refsource": "CONFIRM", "url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"}]}, "solution": [{"lang": "en", "value": "This issue is resolved in Metasploit Pro version 4.16.0-2019091001"}], "source": {"advisory": "R7-2019-35", "defect": ["MS-4514"], "discovery": "USER"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:51.954Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2019-5642", "datePublished": "2019-11-06T18:30:42.787547Z", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-09-17T04:24:03.024Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:pro:*:*:*", "matchCriteriaId": "D0955FF0-9FB8-48BE-AF5F-8DE42FD0C143", "versionEndExcluding": "4.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.16.0:-:*:*:pro:*:*:*", "matchCriteriaId": "35954372-1852-47D3-B920-E9E4AABD6B69", "vulnerable": true}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.16.0:20190722:*:*:pro:*:*:*", "matchCriteriaId": "40954A9F-1E07-45A5-AA7C-0AC8C4B478BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.16.0:20190805:*:*:pro:*:*:*", "matchCriteriaId": "FBD2D8F1-294E-4E6A-B78F-EB3181F2B224", "vulnerable": true}, {"criteria": "cpe:2.3:a:rapid7:metasploit:4.16.0:2019081901:*:*:pro:*:*:*", "matchCriteriaId": "E78CB217-64EC-4276-A4CB-7D0DAF1E378D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface."}, {"lang": "es", "value": "Rapid7 Metasploit Pro versi\u00f3n 4.16.0-2019081901 y anterior, sufre de una instancia de CWE-732, en la que el \u00fanico server.key es escrito en el sistema de archivos durante la instalaci\u00f3n con permisos de tipo world-readable. Esto puede permitir a otros usuarios del mismo sistema donde est\u00e1 instalado Metasploit Pro, por otra parte interceptar comunicaciones privadas a la interfaz web de Metasploit Pro."}], "id": "CVE-2019-5642", "lastModified": "2019-11-13T14:28:18.777", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cve@rapid7.com", "type": "Secondary"}]}, "published": "2019-11-06T19:15:12.360", "references": [{"source": "cve@rapid7.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "cve@rapid7.com", "type": "Secondary"}]}